From f4d0d10e98d85fb54c584656ea0ed814a6348378 Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 15:53:39 +0200 Subject: [PATCH 1/8] Maybe split up username and webauthn id --- handlers.go | 22 +++++++++++++++++----- ifaces.go | 1 + 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/handlers.go b/handlers.go index 4b81c53..fcb28be 100644 --- a/handlers.go +++ b/handlers.go @@ -37,7 +37,11 @@ func (p *Passkey) beginRegistration(w http.ResponseWriter, r *http.Request) { t, err := p.sessionStore.GenSessionID() if err != nil { p.l.Errorf("can't generate session id: %s", err.Error()) - JSONResponse(w, fmt.Sprintf("can't generate session id: %s", err.Error()), http.StatusInternalServerError) + JSONResponse( + w, + fmt.Sprintf("can't generate session id: %s", err.Error()), + http.StatusInternalServerError, + ) return } @@ -70,7 +74,7 @@ func (p *Passkey) finishRegistration(w http.ResponseWriter, r *http.Request) { } // TODO: username != user id? need to check - user := p.userStore.GetOrCreateUser(string(session.UserID)) // Get the user + user := p.userStore.GetOrCreateUserByWebAuthnId(session.UserID) // Get the user credential, err := p.webAuthn.FinishRegistration(user, *session, r) if err != nil { @@ -120,7 +124,11 @@ func (p *Passkey) beginLogin(w http.ResponseWriter, r *http.Request) { t, err := p.sessionStore.GenSessionID() if err != nil { p.l.Errorf("can't generate session id: %s", err.Error()) - JSONResponse(w, fmt.Sprintf("can't generate session id: %s", err.Error()), http.StatusInternalServerError) + JSONResponse( + w, + fmt.Sprintf("can't generate session id: %s", err.Error()), + http.StatusInternalServerError, + ) return } @@ -146,7 +154,7 @@ func (p *Passkey) finishLogin(w http.ResponseWriter, r *http.Request) { session, _ := p.sessionStore.GetSession(sid.Value) // FIXME: cover invalid session // TODO: username != user id? need to check - user := p.userStore.GetOrCreateUser(string(session.UserID)) // Get the user + user := p.userStore.GetOrCreateUserByWebAuthnId(session.UserID) // Get the user credential, err := p.webAuthn.FinishLogin(user, *session, r) if err != nil { @@ -173,7 +181,11 @@ func (p *Passkey) finishLogin(w http.ResponseWriter, r *http.Request) { t, err := p.sessionStore.GenSessionID() if err != nil { p.l.Errorf("can't generate session id: %s", err.Error()) - JSONResponse(w, fmt.Sprintf("can't generate session id: %s", err.Error()), http.StatusInternalServerError) + JSONResponse( + w, + fmt.Sprintf("can't generate session id: %s", err.Error()), + http.StatusInternalServerError, + ) return } diff --git a/ifaces.go b/ifaces.go index debc14e..9a61ac6 100644 --- a/ifaces.go +++ b/ifaces.go @@ -16,6 +16,7 @@ type User interface { type UserStore interface { GetOrCreateUser(userID string) User + GetOrCreateUserByWebAuthnId(id []byte) User SaveUser(User) } From 8016b4dedae82f6d274319b9257f1e652a14b12d Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 15:54:25 +0200 Subject: [PATCH 2/8] temporary package rename --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7bcd5c8..88eb762 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/egregors/passkey +module github.com/mstarongithub/passkey go 1.22 From 24aa77187b3c59f5482d5b58433f7ad64e3a7fa8 Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 16:03:05 +0200 Subject: [PATCH 3/8] Rename interface function for clarity The GetUserByWebAuthnId function should have to create a user. Reason: The app might separate username and webauthn id (for cases where the username is editable). Thus, we can't assume that the username is known in that function --- ifaces.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ifaces.go b/ifaces.go index 9a61ac6..7800343 100644 --- a/ifaces.go +++ b/ifaces.go @@ -16,7 +16,7 @@ type User interface { type UserStore interface { GetOrCreateUser(userID string) User - GetOrCreateUserByWebAuthnId(id []byte) User + GetUserByWebAuthnId(id []byte) User SaveUser(User) } From e76a2dfd6bb334103f7050e2db729d1fadbc91cd Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 16:04:59 +0200 Subject: [PATCH 4/8] Update example Example now works again with the expanded interface --- _example/storage.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/_example/storage.go b/_example/storage.go index 670f0ed..b8379ba 100644 --- a/_example/storage.go +++ b/_example/storage.go @@ -7,6 +7,8 @@ import ( "github.com/egregors/passkey" "github.com/go-webauthn/webauthn/webauthn" + + "github.com/mstarongithub/passkey" ) type Storage struct { @@ -53,6 +55,18 @@ func (s *Storage) SaveUser(user passkey.User) { s.users[user.WebAuthnName()] = user } +func (s *Storage) GetUserByWebAuthnId(id []byte) passkey.User { + s.uMu.Lock() + defer s.uMu.Unlock() + + // Storage implementation assumes that username == webauthn Id + if user, ok := s.users[string(id)]; ok { + return user + } else { + return nil + } +} + // -- Session storage methods -- func (s *Storage) GenSessionID() (string, error) { From a25e31776c01cff307b0a0d7518f13c8094698e1 Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 16:06:24 +0200 Subject: [PATCH 5/8] And revert module name change --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 88eb762..7bcd5c8 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/mstarongithub/passkey +module github.com/egregors/passkey go 1.22 From b9e0374e03afb04a4d7331105c7ff68c0ca793ce Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 16:16:19 +0200 Subject: [PATCH 6/8] And make this repo mine again :3 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7bcd5c8..88eb762 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/egregors/passkey +module github.com/mstarongithub/passkey go 1.22 From 317f27dcfa90cce7347d07af44a08e613601f7ef Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 16:20:28 +0200 Subject: [PATCH 7/8] Change mod name to upstream one --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 88eb762..7bcd5c8 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/mstarongithub/passkey +module github.com/egregors/passkey go 1.22 From 0d86e17f656c4f59eb702ab8d4ecbc92865faf3a Mon Sep 17 00:00:00 2001 From: mStar Date: Sat, 17 Aug 2024 16:24:27 +0200 Subject: [PATCH 8/8] More fixes Forgot to update func name in handlers --- handlers.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/handlers.go b/handlers.go index fcb28be..f15fadb 100644 --- a/handlers.go +++ b/handlers.go @@ -74,7 +74,7 @@ func (p *Passkey) finishRegistration(w http.ResponseWriter, r *http.Request) { } // TODO: username != user id? need to check - user := p.userStore.GetOrCreateUserByWebAuthnId(session.UserID) // Get the user + user := p.userStore.GetUserByWebAuthnId(session.UserID) // Get the user credential, err := p.webAuthn.FinishRegistration(user, *session, r) if err != nil { @@ -154,7 +154,7 @@ func (p *Passkey) finishLogin(w http.ResponseWriter, r *http.Request) { session, _ := p.sessionStore.GetSession(sid.Value) // FIXME: cover invalid session // TODO: username != user id? need to check - user := p.userStore.GetOrCreateUserByWebAuthnId(session.UserID) // Get the user + user := p.userStore.GetUserByWebAuthnId(session.UserID) // Get the user credential, err := p.webAuthn.FinishLogin(user, *session, r) if err != nil {